NIST Seeking Input on Updates to NICE Cybersecurity Workforce Framework

The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST), is planning to update the NICE Cybersecurity Workforce Framework, NIST Special Publication 800-181. The public is invited to provide input by January 13, 2020, for consideration in the update. 

The list of topics below covers the major areas in which NIST is considering updates. Comments received by the deadline will be incorporated to the extent practicable. The resulting draft revision to the NICE Cybersecurity Workforce Framework (NICE Framework), once completed, also will be provided to the public for further review and comment.

NIST held a public webinar titled "How You Can Influence an Update to the NICE Framework" to describe the planned updates and answer questions on December 3, 2019 at 1:00-2:00 p.m. EST. Details and a recording will be made available at nist.gov/nice/webinars.

All submissions, including attachments and other supporting materials, will become part of the public record and are subject to public disclosure. Sensitive personal information, such as account numbers or Social Security numbers, or names of other individuals, should not be included. Submissions will not be edited to remove any identifying or contact information. Do not submit confidential business information, or otherwise sensitive or protected information. All comments received in response will be made available at nist.gov/nice/framework without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or confidential business information). Comments that contain profanity, vulgarity, threats or other inappropriate language will not be posted or considered.

Comments will be accepted until January 13, 2020.

Improvements to the NICE Framework

The following topics are intended to help NIST and its partners who are part of the NICE Community to learn about experiences in applying and using the NICE Framework and explore opportunities for improvement. 

1. Describe what components of the NICE Framework have been most useful to you and why. 
2. Describe what components of the NICE Framework have been least useful to you and why. 
3. Share any key concepts or topics that you believe are missing from the NICE Framework. Please explain what they are and why they merit special attention.  
4. Describe how the NICE Framework can be more useful to a variety of audiences (i.e. employers, employees, education and training providers, learners, small enterprises, etc.).
5. Describe the potential benefits or challenges experienced when aligning the NICE Framework more closely with other related standards, guidance, or resources (e.g., NIST Framework for Critical Infrastructure Cybersecurity, NIST Privacy Framework, other NIST Special Publications, etc.).
6. Explain if you think the scope of the covered workforce as stated by the NICE Framework needs to be adjusted.
7. Describe any improvements that might be made in the current organization of the NICE Framework and its major components such as Categories, Specialty Areas, Work Roles, Knowledge, Skills, Abilities, and Tasks. 
8. Describe how the NICE Framework can best document and describe Knowledge, Skills, Ability, and Task statements as well as Competency Areas.
9. Explain whether the NICE Framework indicates which Knowledge, Skills, and Abilities could be considered as foundational for all workforces that regularly interact with networks, systems, and data in cyberspace.
10. For each NICE Framework work role, please provide an informative reference that you would like the NICE Framework Resource Center to reference. 
11. Describe which components of the NICE Framework you think are best left as static content and would not change until the next revision and which components could be managed as dynamic content (i.e., more frequent changes or updates to accommodate new information as it becomes available).   
12. Describe the value or risk in different organizations, sectors of the economy, or organizations with classified versus unclassified workforces to develop customized versions of the NICE Framework tailored to their specific circumstances.

Awareness, Applications, and Uses of the NICE Framework

Recognizing the critical importance of widespread voluntary usage of the NICE Framework to achieve the goals of Executive Order 13870 on America’s Cybersecurity Workforce, NIST solicits information about awareness of the NICE Framework and its application and use by organizations and by individuals.

1. Describe the extent of current awareness of the NICE Cybersecurity Workforce Framework within your organization or sector or among individuals. 
2. Describe how you or your organization was introduced to the NICE Framework.
3. Describe the greatest challenges and opportunities for increasing awareness and use of the NICE Framework. 
4. Explain how you are currently referencing (i.e., applying or using) the NICE Framework and what plans, if any, you have for referencing it during the next year.
5. If you are an employer, describe how your organization uses the NICE Framework to develop position descriptions, guide skill-based training, facilitate workforce planning, or other uses.
6. If you are an education or training provider, describe how your organization uses the NICE Framework to develop or describe education and training content or associated credentials.
7. If you are an employee, job seeker or learner, describe how you use the NICE Framework for communicating your competencies or skills to employers, identifying training or professional development needs, or navigating your career pathway.
8. Describe any tools, resources, or publications that exist that reference or would benefit by referencing the NICE Framework.
9. Describe any tools, resources, or technical support needed to increase the application and use of the NICE Framework.
10. Propose any improvements for the application and use of the NICE Cybersecurity Workforce Framework.